I think I can unequivocally state that this book was the most frustrating but probably the most enjoyable to write so far. As opposed to previous scenarios where we targeted companies with hopeless security, this book takes us into what we might call an adversarial environment: SIEM, machine learning security…

This is a question I get asked a lot: “What is the best VPN service out there?” Let us take the time to address this once and for all. There are literally hundreds of blog articles about the “best VPN service” out there. From pcmag.com to cnet.com, though most of…

My short answer based on what I have seen…No. Before you jump down my throat, let me say that CTF games are awesome challenges. The people behind root-me, hellboundhackers, hackthebox and the like are doing an amazing job. Some challenges are just total brain fucks. But this is not what…

Most big clients I have been working with lately have managed to incorporate pentesting into their regular process. Almost every new application is pentested by a consulting company. The findings are presented during a meeting with the Security Officer and the action plan is approved by the project leader…Security is…

Today’s post will be dedicated to Windows Management Instrumentation (WMI) and how to use it in a pentesting engagement. We already talked briefly about WMI in How to Hack Like a GOD, but the idea is to expand on what was already presented and discover the true potential of WMI….

Remember we met AppLocker on the Citrix server in Hack Like a GOD. It’s a whitelisting tool that can make it a bit harder to pwn a Windows system. Check out my guest blog at hacking-tutorial.com to learn how to bypass it!

In Hack Like a Pornstar we had a number of machines sharing the same local administrator account. We had to launch Mimikatz on all of them in the hope of getting that Domain Admin account. This post will go over the different ways to achieve such mass Mimikatz execution. WinRM…

Few techniques can claim to be as popular and effective as good ol’ pass the hash in Windows environments. This prime example highlights the danger of screwing up the design of an authentication protocol. This post does not aim to explain PTH, we have talked about it in HFB, plus…

This post is a simple shout-out to a blog post I enjoyed reading and that proves a point I have repeated endlessly throughout Hack Like a Pornstar & Hack a Fashion Brand: AV products that rely on signatures (that’s almost all of them) can be trivially bypassed! If you…

I love the SimpleHTTPServer module on Python. It sets up a quick HTTP server when you are in dire need of a simple way to download files to a target.

root@Kali:~# python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 …

On a real assignment however I need two extra…